System and method for using DRM to control conditional access to broadband digital content

ABSTRACT

A system and method is disclosed for providing DRM in a broadcast environment. In accordance with the embodiment, a DRM system distributes encrypted service keys over the mobile telephone network to a mobile terminal. The mobile terminal receives the encrypted service key and uses it to decrypt encrypted content keys received from a DVB set top box. The decrypted content keys are sent to the set box over local link where they are used to decrypt encrypted broadcast content. A power management technique for mobile receivers is also disclosed that enables the receiver hardware to power off during a portion of the rendering process.

FIELD OF THE INVENTION

This invention generally relates to the protected transmission and useof IP datacast content. More specifically it relates to secure broadbanddigital content delivery and rights management using a mobile terminal.

BACKGROUND OF THE INVENTION

DVB provides a standard for the distribution of digital broadcast videocontent. One of the issues concerning the adoption of DVB is that thepristine digital content provided by the standard could potentially berecorded and distributed without loss of quality and without the contentowner's consent. To avoid unauthorized distribution the DVB standardincludes a mechanism for encrypting the distributed content prior totransmission. DVB, however, does not dictate a digital rights management(DRM) scheme or key delivery standard. These two elements ensure thesecure transmission and conditional access to the protected content. DVBleaves this aspect of content protection to the development ofproprietary DRM systems.

In any rights managements system encryption of the delivered content isrelatively simple. What is more difficult is distributing conditionalaccess to the rights needed to decrypt and use the distributedinformation. Rights embody what an end user is allowed to do with theencrypted content, for example, play the content for a certain period orcopy the content a limited number of times. DRM accomplishes thisconditional access to the content by wrapping the keys required todecrypt the content into a tightly controlled system where the rightsthemselves cannot be freely copied or distributed, see Published U.S.Patent Application No. 2003-0076955-A1. The successful control of theserights requires that they be individualized to restrict distribution ofthe rights beyond a particular authorized end user.

Current DVB DRM solutions transmit these rights as vouchers sent alongwith the same broadcast that carries the DVB transmission. This approachcan be very wasteful of bandwidth because each user needs to receive anindividualized rights voucher. As the number of vouchers grows thebroadcast link's bandwidth, which must also carry the digital content,will be needlessly wasted. This method of voucher transmission isparticularly wasteful because every user that receives the broadcastreceives not only the voucher intended for that user but also thevouchers intended for every other user.

Other approaches to provide DRM control utilizing specialized equipment,such as set top boxes with smart cards and modems, to distribute rightsvouchers through different communications links, for example overtelephone lines. However, the specialized equipment required to carryout the rights delivery prevents over-the-air broadcasters fromefficiently controlling an end user's equipment the way a cabledistributor might. The problem is that while the over-the-airbroadcasters would like to develop additional broadcast pay systems,they cannot without first developing a unified hardware infrastructurefor the end users, including DRM infrastructure (hardware and software)and billing mechanisms. The investment required to create a system wouldbe substantial for any one broadcast channel. Additionally end userswould be unlikely to invest in or acquire new equipment for a systemthat worked for one only channel.

SUMMARY OF THE INVENTION

The above identified problems are solved and a technical advance isachieved in the art by providing a system and method for using DRM tocontrol conditional access to DVB content.

An exemplary embodiment of the present invention includes a DRM systemthat encrypts a DVB service key and creates rights vouchers describingthe rights associated with the use of the DVB service key. A rightsvoucher and the encrypted service key are sent to a mobile terminal,which is programmed to decrypt the service key in accordance with therights articulated in the rights voucher. A DVB display device receivescontent encrypted with a content key and also receives a version of thecontent key that has been encrypted with the service key. The DVBdisplay device sends the encrypted content key to the mobile terminal.The mobile terminal decrypts the content key with the service key inaccordance with the rights defined in the rights voucher. The mobileterminal sends the decrypted content key to the DVB display device whereit is used to decrypt the encrypted content.

In a further exemplary embodiment of the present invention, the DRMsystem sends the mobile terminal an executable application. The mobileterminal then runs the application which governs the service and contentkey decryption and enforces the assigned rights.

In a further exemplary embodiment of the present invention, the DRMsystem and the mobile terminal both operate according to the OMA DRMstandard to protect the service key, define the rights voucher, and toenforce the granted rights on the mobile terminal.

In a further embodiment of the present invention the mobile terminalconnects to the DVB display device via Bluetooth.

In a further embodiment of the present invention the mobile telephonebilling system is used to bill for the use of DVB content.

Other and further aspects of the invention will become apparent duringthe course of the following description and by reference to the attacheddrawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing the delivery of DVB encrypted content.

FIG. 2 is a block diagram showing an exemplary embodiment of the presentinvention disclosing a DRM system for DVB using a mobile terminal.

FIG. 3 is a block diagram showing an exemplary embodiment of the presentinvention disclosing the operation of and communication between a mobileterminal and a DVB set top box.

DETAILED DESCRIPTION

The system and method of the present invention provide an efficient andsecure method for transmitting DRM rights in a DVB environment. Thepresent invention has the advantage of using a separate distributionpath to allow transmission and rights control to occur in a protectedmanner without needlessly wasting broadcast transmission bandwidth.Additionally, in a particularly advantageous embodiment the presentinvention employs the mobile telephone infrastructure and establishedmobile DRM standards for ready made billing and content control.

FIG. 1 presents an overview of the DVB content encryption and deliveryscheme. Clear, i.e. unencrypted, DVB content 1 c is first encrypted inaccordance with the DVB common scrambling algorithm (DVB CSA 5). DVB CSA5 takes the clear DVB content 1 c and a random CSA control word 10 asinput. DVB CSA 5 then employs a symmetric encryption algorithm togenerate the encrypted DVB content 1 e. The CSA control word 10 mustlater be used by a decryption algorithm to decrypt the encrypted DVBcontent 1 e and recover the usable clear DVB content. The CSA controlword can, therefore, be thought of as the key to the distributedencrypted content. The encrypted DVB content 1 e is now safe to freelybroadcast over the airways 50 to DVB end users 40. With regard to theend users, the figures only show one symbol to designate end users 40,however, it should be understood that any number of end users mightreceive the broadcasted content. In addition, the identified end user 40represents a number of hardware and software structures that perform DVBfunctions, e.g. receiving and decrypting DVB content and messages. Theend user structures can be embodied by any suitable known equipment,such as TVs, tuners, or set top boxes programmed to operate inaccordance with the DVB standard and the disclosed system.

The process described thus far is defined by the DVB standard andtherefore should be consistent among various DVB implementations.However, the encrypted DVB content received by the end users 40 willonly be useful if it can be decrypted. To do so, the end user 40 willrequire a copy of the CSA control word 10. The DVB standard, however,does not dictate how to securely transmit control words to end users. Italso does not dictate how to ensure that the control words, oncedistributed, are only used in accordance with the rights dictated by thecontent providers. A complete DRM system must, therefore, both protectthe secrecy of the control words in transit and limit their use by theend users in accordance with the rights granted by the contentproviders. A general approach for carrying out this proprietary aspectof the DVB system is shown in the dashed rectangle in FIG. 1.

First, the CSA control word 10 is encrypted 20 with a service key (SK22). The service key is used to encrypt all CSA control words associatedwith a particular DVB service, e.g. a premium channel or a pay-per-viewevent. Different services, however, would most likely use differentkeys. The encrypted CSA control word is added to an entitlement controlmessage (ECM 25). In addition to the encrypted CSA control word, the ECM20 might also include header information or other relevant data. TheECMs are then transmitted over the broadcast network to the end users40.

The encrypted CSA control word contained in the ECM must be decryptedbefore it can, in turn, be used to decrypt the encrypted DVB content.Accordingly, the service key SK 22 must be transmitted to the end user.To do so securely, the service key is encrypted 28 with a user key (UK27) that is specific to a particular end user. Typically the UK isstored in a protected smart card in the end users set top box. Theencrypted SK is then used to generate an entitlement management messageEMM 29. The EMM might also include header or rights information. Thetransmitted rights information, for example, would dictate how the enduser can use the protected content.

Unlike the previous encryption steps, the user key does not need to betransmitted to the end users 40 because the end users' hardware ispre-programmed to decrypt data encrypted with the users' UK. A number ofprocedures can be employed to ensure the secrecy and usability of theUK. For example, the end users' hardware can be pre-programmed with ashared secret known by the DVB system. Or, a public key cryptographysystem can be employed to encrypt the SK without ever knowing the endusers' UK. In either instance, upon receipt of EMM the end user decryptsthe service key which in turn is used to decrypt the CSA control wordwhich ultimately is used to decrypt the broadcast content.

As shown in FIG. 2, the general approach for transmission of DVB contentis modified to employ a mobile terminal 70. The delivery of theencrypted DVB content 1 e and encrypted control words within ECMs 25 isdone as shown in FIG. 1. The introduction of a mobile terminal, however,allows the system of FIG. 2 to off-load DRM implementation and servicerequirements from the DVB broadcaster to the mobile telephone/datanetwork.

The content provider, i.e. the broadcaster, delivers the SK togetherwith other data relating to the content, to the DRM system. In practicethis could be accomplished by a server at the content providergenerating and sending the SK via any known method of computer tocomputer communication.

In one embodiment, the SK is sent already encrypted by the UK in an EMM.The DRM system would add the particular formatting and rightsinformation needed and then send the EMM to the Mobile terminal.

In an alternative embodiment, as shown in FIG. 2, the broadcaster couldprovide the DRM System 30 with the SK prior to its encryption with a UK27. This would limit the amount of data traffic between the DVBbroadcaster and the DRM System 30 because the SK is generic to allusers, while an encrypted EMM is user specific and must be generated foreach end user requesting the service. These two examples demonstrate thefact that the various aspects of the DVB encryption/broadcast and theDRM System can be split up between the DVB and DRM service providers inany number of ways, including a system where the DVB provider alsoperforms the DRM services.

The rights enforcement supplied by the DRM System can be performed withany known DRM technique. For example, the mobile terminals participatingin the system can be designed from the ground up to include a UK and DRMsoftware and/or hardware that protects the UK. The software and/orhardware would ensure that the mobile terminal only uses the UK inaccordance with instructions provided by the DRM system. In thisembodiment, the DRM system would either need to know the UK, i.e. ashared secret, or know how to encrypt content so that the UK can decryptit, i.e. public key cryptography.

Returning to the embodiment of FIG. 2A, once the DRM System 30 receivesthe SK 22 it provides DRM protection for the SK and distributes it tothe end users over the mobile telephone network. The DRM System can beembodied by a computer or a group of computers that are programmed toperform the disclosed operations and are connected to the mobiletelephone network such that they can transmit data to mobile terminals.

The DRM System may also have data stored on the user, such as e.g.identification data (name, address, phone number), data relating to hisDRM compliant devices, data relating to content subscription, datarelating to billing etc. The DRM System may communicate with the mobilenetwork operator, e.g. for billing purposes.

In the present embodiment one of the functions of the DRM System is toprovide the DRM infrastructure to the mobile terminal 70. As shown inFIG. 2, the DRM system provides the mobile terminal 70 with a ProtectedApplication 36 containing the UK 27. The Protected Application runs onthe mobile terminal and performs DRM operations, such as, e.g., keydecryption and rights enforcement. The Protected Application can beprogrammed according to any know methods of providing protectedcomputing. Moreover, once installed in the mobile terminal the ProtectedApplication provides DRM enforcement for any number of EMMs sent by thesystem. This embodiment is particularly advantageous because it providesfor the delivery of the UK. It can, therefore, both initiate a mobileterminal that has never participated in the particular DRM system, andrefresh the UK on mobile terminals in the system to provide updatedsecurity.

In addition to providing the Protected Application, the DRM System mustalso be programmed to provide a protected SK, and rights dictating itsuse, to the mobile terminal. This is accomplished by encrypting/wrapping34 the SK to create an EMM wrapped in a DRM Voucher 35, which dictatesthe usage rights for the SK. Accordingly, the computers embodying theDRM System 30 are programmed to wrap and encrypt 34, i.e. encapsulate,the EMM and other data into a DRM Voucher 35. The DRM System 30communicates with mobile terminals through a mobile network 80 todeliver the DRM messages and objects, e.g. DRM Voucher and ProtectedApplications.

As a rights object, the DRM Voucher could also include protected rightsdefinitions dictating the number and type of uses that can be performedon the content associated with the SK. The DRM Voucher may furthercomprise other data, e.g. data relating to the requested/ordered contentand data relating to the billing or payment. The DRM Voucher may beexpressed in a rights expression language, such as e.g. ODRL, or in anextensible markup language such as e.g. XML or in any derivativesthereof.

The function of the rights object, however, could be implemented in aless flexible way by pre-programming the rights into the system or theprotected application. For example, the Protected Application could beprogrammed to only allow a certain set of rights, e.g. one play, for allEMMs it receives.

Turning now to the operation of the mobile terminal and the operationsperformed at the end user 40. As noted above, the end user 40 employs ameans of receiving DVB encrypted content and providing output via adisplay. In the disclosed embodiment this operation is performed by aDVB set top box, however, the disclosed operations can be integratedinto a TV or can be embodied by any hardware known in the art capable ofperforming the disclosed functions.

As shown in FIG. 3, the DVB set top box communicates with the mobileterminal over any know communication link, such as a wired connection ora wireless RF or infra red link. One advantageous embodiment wouldemploy Bluetooth for the communications between the set top box and themobile terminal because it is an established standard and provides aready made secure connection between the set top box and the mobileterminal. As previously discussed, the mobile terminal 70 is simplyhardware device connected to the mobile network and programmed toperform the disclosed functions of the DRM system.

The process begins with the end user ordering protected DRM content.Lists of available content can be set up for browsing on the televisionvia the DVB network or set top box or the mobile terminal itself via itsuser interface. In the case where the user browses for content on themobile terminal, the mobile terminal can connect to servers at the DRMsystem, or from other sources, to receive data describing the availablecontent choices. Alternately, the available content can be browsed andordered via the voice telephone network.

In any case, once the user has selected a particular piece of content,the DRM System 30 is notified and begins to push the required DRMvouchers and software to the mobile terminal 70. The use of the mobileterminal in the ordering process enables the DVB content provider tomake use of the mobile terminal billing network to charge for thecontent. In other words, if a user orders a pay per view movie thecharge for that movie can be simply added to the users mobile phonebill.

With the content ordered the process of using the content beings. Asshown in FIG. 3, the set top box 41 receives, or has previously receivedand stored, the encrypted DVB content 1 e and its associated ECMs 25.The set-top box, however, cannot use any of the encrypted DVB content 1e without the CSA control word contained in the ECM. However, the ECMmust be decrypted with the appropriate service key to obtain the clearCSA control word. To do this the set top box 41 passes the ECM 25 to themobile terminal 70 over the Bluetooth link 90. The Bluetooth link doesnot necessarily need to be protected at this stage because the ECMcontains an encrypted CSA control word. Advantageously, many set topboxes already perform a similar function and send the received ECMs to asmart card for decryption. Thus, the set top boxes need only beredesigned to communicate with the mobile terminal instead of the smartcard.

As described above, and shown in FIG. 3, the mobile terminal 70 hasreceived the Protected Application 36 and the DRM Voucher 35 from DRMSystem 30. The process for decrypting the CSA control word is asfollows, preferably, the mobile terminal has a Mobile DRM Engine 72,which is hardware and/or software designed to perform secure processingand is resistant to tampering by individuals attempting to thwart theapplied DRM. The DRM Engine runs the Protected Application 36, which hassecure access to the UK 27. The protected application takes the DRMVoucher 35 and ECM 25 as input.

The DRM will then determine if the rights expressed in the DRM voucherallow the requested use, e.g. playing of DVB Content. If the requesteduse is allowed, the Protected Application uses the UK to decrypt 74 theSK contained in the EMM. The decrypted SK is then used to decrypt theCSA Control Word contained in the ECM to produce a clear CSA ControlWord 10. The clear CSA Control Word is then sent back over the Bluetoothlink to the set top box. Preferably, the transmission of the clear, i.e.unencrypted, CSA Control Word to the set top box occurs over a secureBluetooth Link. Bluetooth Link Secure connections provide ready madeauthentication, authorization, and encryption (ciphering of plain text).

Distributing the Protected Application to practice the DRM System isparticularly advantageous because the Protected Application can betailored for the end user's specific mobile terminal and/or set top boxthereby ensuring compatible operation for users regardless of theequipment employed.

Upon receipt of the decrypted CSA Control Word 10 the DVB set top boxuses the CSA Control Word to perform DVB CSA Decryption 43. Thisgenerates clear DVB content 1 c that can then be output to display 46for use. Display 46 is merely a generic representation for use of thecontent. In practice the content could be music, software, etc., whichwould each be used on an appropriate device.

In alternative embodiments, the Protected Application may have a periodof validity as expressed in DRM Voucher and the Protected Applicationmay be made inoperable after the validity expires or the ProtectedApplication may even be discarded, overwritten or deleted wholly or inpart. In one embodiment of the invention the Protected Application thathas been made inoperable may be re-activated with a response messagefrom the DRM system, wherein the re-activation message may be a DRMVoucher comprising another Protected Application.

Other embodiments could use the mobile phone network to receive locationinformation from the network. The location of the mobile terminal caneasily be determined down to cell level and the location data isavailable in the Visitor Location Register (VLR) in the network. Thereceived location information may be used as part of the access control.For example, the DRM Voucher might contain geographic restrictions thatcan be applied using this feature.

Another advantageous embodiment would use the mobile terminal inconnection with any near by device that receives DVB content. If aBluetooth connection is used, the Bluetooth Service Discovery Protocoland Bluetooth pairing mechanism will provide a trust relationship thatmay be used for the necessary set top box identification. Thisfunctionality would allow a user to buy and use content at a friendshouse or other location.

In another advantageous embodiment, the DRM system can leverage the useof mobile terminals and implement the Open Mobile Alliance's (OMA)standard DRM infrastructure. The benefits of using OMA compliant mobileterminals to deliver EMMs and DRM rights are thus two fold. First,mobile terminals are a common piece of hardware owned by mostindividuals, therefore, the broadcaster can provide added serviceswithout deploying specialized hardware to all potential end users.Second, the use of mobile terminals also allows broadcasters to adoptstandard mobile DRM systems like OMA thereby obviating the need todevelop and maintain costly specialized systems. Both of theseadvantages lead to a system where an end users can employ standardequipment to obtain premium DVB content at the spur of the moment. Thisallows for a more marketable system compared to a system where usersmust plan ahead and obtain special equipment to view premium content.

In general, OMA defines a software and hardware standard for mobileterminals. The OMA DRM standard allows compliant devices to implementand participate in a rights management system, including securelytransmitting protected content and an executable application, such as aJava applet. The OMA compliant mobile terminal will then run theapplication, which contains the required UK and other securityprocedures necessary to ensure the protection of the protected content.In the present invention the protected content is simply the SK and theCSA control word rather than the actual usable media. Additionaldetailed descriptions of the OMA DRM system are documented in OMApublished documents including OMA, DRM Content Format Version 1.0; OMA,Digital Rights Management Version 1.0; and OMA Rights ExpressionLanguage Version 1.0, which are all available atwww.openmobilealliance.com and are hereby incorporated by reference.

In the context of the present invention, the DRM System would createProtected Applications and DRM Vouchers in accordance with the OMAstandard. And the mobile terminal would be designed and programmed tofollow the OMA standard when running the OMA application and followingthe DRM vouchers.

As stated above, the disclosed invention can be embodied in any hardwarecapable of performing the disclosed operations. For example, in anotherembodiment all the end user functions of the disclosed invention can beembodied in a single mobile terminal with a receiving hardware device, arendering hardware device and a memory device containing a softwareprogram to practice the disclosed procedures, such as, e.g., a mobilephone, laptop or personal digital assistant. Such devices are becomingincreasingly popular sources of entertainment as enhancements tonetworks and portable devices allow richer and more varied content tothe end user. For example, mobile telephone handsets with relativelylarge color screens are likely to become popular devices for viewingvideo broadcasts.

Using a mobile terminal to render broadcast content, however, presentssome additional issues that require solutions. One of the most prominentconcerns for any mobile device is available battery life. Receivingbroadcast content is particularly battery intensive because the mobileterminal's receiving circuits must stay active during the entirebroadcast. For example, the power consumption required for receiving thebroadcast of a movie or television show might significantly reduce thedevice's available battery life.

An exemplary embodiment of present invention provides a solution toreduce battery use in broadcast situations. The solution involvesproviding broadcasts to mobile devices in time sliced and timecompressed segments. In other words, if the broadcast link hassufficient bandwidth to send a segment of the broadcast content in lesstime than it would take to render the content contained in the segment,power can be saved because the content can be sent and then the receivercan be turned off while the content plays. For example, if a network canbroadcast content at 3 megabits per second and the content renders at300 kilobits per second, the receiver at the mobile device only needs toturn on for a second to receive ten seconds worth of content. Thereceiver can then turn off for 9 seconds while the content renders,thereby, reducing the power consumption by 90%. The broadcast of livecontent under this technique would require a slight transmission delayconsistent with the employed segment length. For example, if thebroadcaster chose to send the content in one minute segments it wouldhave to buffer one minute's worth of content before beginning thetransmission of the first segment. Accordingly, the broadcast would bedelayed by about a minute.

This time slice technique also has the advantage of easing thetransition between cells in a cellular environment where the mobiledevice is moving from cell to cell. As the mobile terminal moves fromcell to cell it must choose the optimal time to switch its connectionfrom one cell to the next. If the mobile terminal was receiving thebroadcast in real time the handoff to the next cell might cause somedefect in the receipt of the broadcast transmission. It would at leastrequire very careful judgment to pick the optimal time for the switch.In contrast, using the disclosed time sliced technique the mobileterminal can intermittently use its receiver to look for other cells.Then, by virtue of the extended time between segment transmissions, alarger time window is available to determine the optimal cell transfertime.

To carry out the described technique, the mobile terminal can beprovided with a memory device having executable software for performingthe disclosed operations. For the disclosed technique to be successful,the mobile terminal must be provided with the proper timing to turn offand turn on its receiver during segment receipt. The initialdetermination to turn the receiver on can be generated from a number ofsources, typically it will be at the request of the device user for aparticular piece of content. The device can then turn off afterreceiving the first segment. Once off, then next determination is whento turn the receiver back on, which can be accomplished in a number ofways. For example, the segment transmission gap could be preset systemwide as part of the protocol employed. In other words, all transmissionsegments could occur at predetermined intervals. Alternately, the mobileterminal could automatically turn on its receiver when the currentsegment is about finish its rendering phase and wait for the nextsegment, e.g., when the currently rendering segment reaches 95%completion the receiver can turn on. Alternately, each segment couldinclude data indicating when the next segment will be broadcast.Identifying the broadcast time of the next segment through data in theprevious segment, is particularly advantageous because it allowsvariable segment size and the determination of the timing of the nextsegment without rendering the current segment.

The many features and advantages of the present invention are apparentfrom the detailed specification, and thus, it is intended by theappended claims to cover all such features and advantages of theinvention which fall within the true spirit and scope of the invention.

Furthermore, since numerous modifications and variations will readilyoccur to those skilled in the art, it is not desired that the presentinvention be limited to the exact instruction and operation illustratedand described herein. Accordingly, all suitable modifications andequivalents that may be resorted to are intended to fall within thescope of the claims.

1. A method for protecting broadcast digital content comprising:encrypting digital content with a first key; encrypting the first keywith a second key; broadcasting the encrypted first key; broadcastingthe encrypted digital content in a number of segments; protecting thesecond key and assigning rights to the second key; and transmitting theprotected second key and the assigned rights to a mobile terminal overat least one of a number of networks.
 2. The method of claim 1 whereineach segment is broadcast in less time than is required to render theencrypted digital content contained in the segment.
 3. The method ofclaim 1 wherein transmitting the protected second key and the assignedrights to a mobile terminal over a mobile network.
 4. A method forprotecting broadcast digital content comprising: encrypting digitalcontent with a first key; encrypting the first key with a second key;broadcasting the encrypted digital content in a number of segments,wherein each segment is broadcast in less time than is required torender the envrypted digital content contained in the segment;protecting the second key and assigning rights to the second key; andtransmitting the protected second key and the assigned rights to amobile terminal over a mobile network.
 5. A method for viewing protecteddigital content comprising: receiving and buffering a broadcastedsegment of encrypted digital content and an encrypted first key with abroadcast receiver of a mobile terminal and turning off the broadcastreceiver after the segment is received; receiving a protected second keyand assigned rights at the mobile terminal over a mobile network;decrypting the encrypted first key with the protected second key inaccordance with the assigned rights; decrypting the broadcast segment ofencrypted digital content with the decrypted first key; rendering thedigital content; and waiting turning on the broadcast receiver after apredetermined period.
 6. The method according to claim 5 wherein thepredetermined period is dictated by a parameter of the broadcastedsegment.
 7. The method of claim 5 wherein the predetermined period isprogrammed into the mobile terminal.
 8. The method of claim 5 whereinthe predetermined period is determined by the amount of time the digitalcontent takes to render.
 9. The method of claim 5 where the digitalcontent is a DVB video program
 10. A system for protecting digital videobroadcast content comprising: a mobile network; a computer connected tothe mobile network; a mobile terminal connected to the mobile network;wherein the mobile terminal comprises a content receiving device andcontent rendering device; wherein the content receiving device isprogrammed to receive one-way content transmissions containing aplurality segments of encrypted digital content and at least oneencrypted first key; wherein the computer is programmed to protect asecond key, create a rights voucher identifying allowed uses of thesecond key, and send the protected second key and the rights voucher tothe mobile terminal over the mobile network; wherein the mobile terminalis programmed to use the protected second key in accordance with therights voucher to decrypt the encrypted first key, and the contentreceiving device is further programmed to decrypt the encrypted digitalcontent with the decrypted first key; wherein the mobile terminal isprogrammed to turn off the content reception device after receiving afirst segment of encrypted digital content, and then turning the contentreception device on after a predetermined period of time to receive asecond segment of encrypted digital content; and wherein the renderingdevice renders the decrypted digital content.
 11. A system fordisplaying protected digital content comprising: a mobile network; amobile terminal connected to the mobile network; the mobile terminalcomprising a content receiving device and capable of receiving broadcastcontent and a rendering device capable of rendering content; wherein thecontent receiving device is programmed to receive broadcast contenttransmissions containing segments of encrypted digital content and atleast one encrypted first key, and wherein the content receiving deviceis further programmed to send the encrypted first key to the mobileterminal over the short range network; wherein the mobile terminal isprogrammed to use the protected second key in accordance with the rightsvoucher to decrypt the encrypted first key, and the content receivingdevice is further programmed to decrypt the encrypted digital contentwith the decrypted first key; wherein the mobile terminal is programmedto turn off the content reception device after receiving a first segmentof encrypted digital content, and then turning the content receptiondevice on after a predetermined period of time to receive a secondsegment of encrypted digital content; and wherein the rendering devicerenders the decrypted digital content.
 12. The system of claim 11wherein the encrypted digital content is a DVB transmission and therendering device is a screen and at least one speaker.
 13. A system fordisplaying protected digital content comprising: a mobile terminal; themobile terminal comprising a content receiving device and capable ofreceiving broadcast content and a rendering device capable of renderingcontent; wherein the content receiving device is programmed to receivebroadcast content transmissions containing segments of encrypted digitalcontent and at least one encrypted first key, and wherein the contentreceiving device is further programmed to communicate the encryptedfirst key to the mobile terminal; wherein the mobile terminal isprogrammed to use the protected second key in accordance with the rightsvoucher to decrypt the encrypted first key, and the content receivingdevice is further programmed to decrypt the encrypted digital contentwith the decrypted first key; wherein the mobile terminal is programmedto turn off the content reception device after receiving a first segmentof encrypted digital content, and then turning the content receptiondevice on after a predetermined period of time to receive a secondsegment of encrypted digital content; and wherein at least one of thefirst keys is decrypted and then the encrypted digital content isdecrypted and the rendering device renders the decrypted digitalcontent.